Coinbase, an online trading platform for Bitcoin, based in the USA, is going one step further with wallet security. Every user is now able to get many API keys instead of just one. The API keys have a special security feature which in order to protect the user; the user has to sign during transactions and requests. In addition, with the multiple API keys, the user is now able to set granular permissions, or control and access your data, and can whitelist IPs separately for each key.

API Keys with Different Permissions

An API is not a user interface, it is a software-to-software interface in which different applications talk to one another without the knowledge or intervention from users. Initially, Coinbase offered users only one API key that would enable users to make different requests to the Coinbase API. This fact meant that you had to be super cautious with your API key since you only had one.

Coinbase introducing multiple API keys is great because each key has different permissions. This means that you can now assign different roles to your keys. With this, the user has more control over their online wallet.

Old Keys and new HMAC keys

Coinbase is making another change in their system; they are “deprecating the old style of API keys.” Instead, they are making it so that all new keys,

“will be accompanied by a secret, that you will use to sign requests as you make them.”

This is known as HMAC Authentication. More information can be found in the Coinbase API docs.

Coinbase also says that the old API key is still working. It has just

“been migrated to the new multi-key architecture and you will see it in the list of API keys, marked as deprecated.”

Coinbase recommends that every user move onto the new API keys + Secret. If you still haven’t gotten the picture, Coinbase further says that they will be stopping any support for the old keys in August 2014.

Benefits of the Multiple API Keys

There is more security with every key. This is because when you create or edit the keys, you have the new option of specifying which job or permission the key will allow. You are also now able to whitelist certain IP addresses to ensure everything goes smoothly.

There is more security with each step. Coinbase has made it so that when you “create a new API key, edit an existing API key, or view an API key” you are asked for your password or the two-step authentication.
Coinbase also says,

“You are also prompted for a special security token that is e-mailed to you whenever you try to re-enable a disabled API key.”

In addition, the user can see when each API key was created and also when the last update was made to it. With all of this, Coinbase hopes to become a safe and reliable platform for Bitcoin users to store their coins.